We're considering going to a Certificate + AAA method of authenticating our VPN AnyConnect clients. This is in response to hackers attempting to brute-force their way into our network. It's a nuisance because they guess some of the account names correctly, but never guess the password, and end up locking out our legitimate employee accounts relatively frequently. I have a few questions regarding this.
I understand we need to use one of our internal certificate servers in our Active Directory domain to authenticate VPN clients. We get our certs from GoDaddy, so that our AnyConnect clients won't get certificate errors. Will our GoDaddy cert interfere with the cert we use from our internal cert server?
When we set the VPN connection profiles to AAA and Certificate, does it verify that the certificate is installed before performing the AAA authentication?
If we have vendors that connect to the VPN with non-domain computers, how do we get the certificate to them?